Kubernetes – How to Prevent Attacks with Admission Controllers
This is an expanded version of what was presented at the KubeCon Lightning Talk An admission controller intercepts requests to the Kubernetes API server prior to persistence of the object. By applying proper admission controls in your Kubernetes cluster, it's possible to generate deployments that adhere to the least privilege model, limiting user and container activity based on their business usage needs. In this session, we will review the latest and greatest Kubernetes 1.10 admission controller capabilities. We will demonstrate in a live demo a dynamic admission control webhook that can be customized to limit privileged user access.